Networking is the most important and most complicated part of your architecture, especially in a large corporation or organization.
If you have a large network with many offices, you need full control over it: you must be able to secure it and to know whether there are any unintended paths into your network.
AWS has a feature called Network Access Analyzer that lets you identify unintended network access to your resources on AWS.
It tells you whether there are network paths that do not meet your requirements, which gives you a full view of, and control over, your AWS network architecture; it also helps you verify network compliance requirements.
AWS Network Access Analyzer can help you with the following:
- Tell you which resources on your network can be reached through an internet gateway (IGW).
- Check that the network controls you require (firewalls, NAT) are actually on the path.
- Make sure your resources are reachable from trusted IP ranges only.
Using AWS Network Access Analyzer
- Go to the AWS console and search for Network Manager.
- Select Network Access Analyzer from the left panel under Security & governance, then press Get started.
- There will be 4 default scopes, as listed below:
All-IGW-Ingress (Amazon created) – Identifies network paths from internet gateways to all network interfaces in your account.
All-IGW-Egress (Amazon created) – Identifies network paths from all network interfaces to internet gateways in your account.
All-VPC-Ingress (Amazon created) – Identifies inbound paths from internet gateways, peering connections, VPC endpoints, VPNs, and transit gateways to all VPCs in your account.
All-VPC-Egress (Amazon created) – Identifies outbound paths to internet gateways, peering connections, VPC endpoints, VPNs, and transit gateways from all VPCs in your account.
- We will use All-IGW-Ingress to find out which resources on our side can be reached through an internet gateway; select it and press Analyze.
- It takes several minutes for the findings to appear. Below are the paths for the resources that can be reached through the IGW.
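The console steps above can also be driven from code. The following script is an added example, not code from the original post or from AWS: it builds a scope equivalent to All-IGW-Ingress but with an ExcludePaths block so that traffic from a trusted source range is not reported, runs it through the EC2 API, and then grades the findings the way the bullets earlier describe (which ENIs are reachable from the internet, on which ports, and from which untrusted sources). The resource type strings, the boto3 call names and the shape of the findings are assumptions based on the EC2 Network Insights API; the sample findings and the trusted range 203.0.113.0/24 are constructed for the offline part of the demo.

```python
"""Run a Network Access Analyzer scope and grade its findings (added example)."""
import time
from ipaddress import ip_network

# Constructed allowlist: only this range is allowed to reach us from the internet.
TRUSTED_SOURCES = ["203.0.113.0/24"]


def build_igw_ingress_scope(trusted_sources):
    """Scope content: IGW -> any ENI, minus paths whose source is a trusted range.
    Resource type strings are assumed from the Network Insights API."""
    return {
        "MatchPaths": [{
            "Source": {"ResourceStatement": {"ResourceTypes": ["AWS::EC2::InternetGateway"]}},
            "Destination": {"ResourceStatement": {"ResourceTypes": ["AWS::EC2::NetworkInterface"]}},
        }],
        "ExcludePaths": [{
            "Source": {"PacketHeaderStatement": {"SourceAddresses": list(trusted_sources)}},
        }],
    }


def is_trusted(cidr, trusted_sources):
    """True when the whole source range sits inside one of the trusted networks."""
    net = ip_network(cidr, strict=False)
    for trusted in trusted_sources:
        t = ip_network(trusted, strict=False)
        if t.version == net.version and net.subnet_of(t):
            return True
    return False


def summarize_findings(findings, trusted_sources):
    """Group findings by destination ENI: reachable ports and untrusted sources.
    `findings` is the AnalysisFindings list of the get-findings call (assumed shape)."""
    summary = {}
    for finding in findings:
        components = finding.get("FindingComponents", [])
        if not components:
            continue
        dest = components[-1].get("Component", {}).get("Id", "unknown")
        # The header recorded at the last hop describes what actually arrives.
        header = next((c["InboundHeader"] for c in reversed(components) if "InboundHeader" in c), {})
        entry = summary.setdefault(dest, {"ports": [], "untrusted_sources": []})
        proto = header.get("Protocol", "any")
        for pr in header.get("DestinationPortRanges", []):
            label = f"{proto}/{pr['From']}" if pr["From"] == pr["To"] else f"{proto}/{pr['From']}-{pr['To']}"
            if label not in entry["ports"]:
                entry["ports"].append(label)
        for src in header.get("SourceAddresses", []):
            if not is_trusted(src, trusted_sources) and src not in entry["untrusted_sources"]:
                entry["untrusted_sources"].append(src)
    return summary


def exposed_to_untrusted(summary):
    """ENIs that at least one untrusted internet source can reach."""
    return sorted(eni for eni, v in summary.items() if v["untrusted_sources"])


def run_analysis(trusted_sources, region="us-east-1", poll_seconds=15):
    """Create the scope, run it and return its findings (needs AWS credentials;
    call names assumed from the boto3 EC2 client)."""
    import boto3  # imported here so the offline helpers above work without it

    ec2 = boto3.client("ec2", region_name=region)
    scope = ec2.create_network_insights_access_scope(**build_igw_ingress_scope(trusted_sources))
    scope_id = scope["NetworkInsightsAccessScope"]["NetworkInsightsAccessScopeId"]
    started = ec2.start_network_insights_access_scope_analysis(NetworkInsightsAccessScopeId=scope_id)
    analysis_id = started["NetworkInsightsAccessScopeAnalysis"]["NetworkInsightsAccessScopeAnalysisId"]
    while True:  # the console says "several minutes": poll until the run finishes
        status = ec2.describe_network_insights_access_scope_analyses(
            NetworkInsightsAccessScopeAnalysisIds=[analysis_id]
        )["NetworkInsightsAccessScopeAnalyses"][0]["Status"]
        if status != "running":
            break
        time.sleep(poll_seconds)
    findings, token = [], None
    while True:  # findings are paginated with NextToken
        kwargs = {"NetworkInsightsAccessScopeAnalysisId": analysis_id}
        if token:
            kwargs["NextToken"] = token
        page = ec2.get_network_insights_access_scope_analysis_findings(**kwargs)
        findings.extend(page.get("AnalysisFindings", []))
        token = page.get("NextToken")
        if not token:
            return findings


# Constructed sample findings in the assumed AnalysisFindings shape (offline demo).
SAMPLE_FINDINGS = [
    {"FindingId": "f-1", "FindingComponents": [
        {"SequenceNumber": 1, "Component": {"Id": "igw-0123456789abcdef0"}},
        {"SequenceNumber": 2, "Component": {"Id": "eni-0aaaaaaaaaaaaaaa1"},
         "InboundHeader": {"Protocol": "tcp", "SourceAddresses": ["0.0.0.0/0"],
                           "DestinationPortRanges": [{"From": 22, "To": 22}]}}]},
    {"FindingId": "f-2", "FindingComponents": [
        {"SequenceNumber": 1, "Component": {"Id": "igw-0123456789abcdef0"}},
        {"SequenceNumber": 2, "Component": {"Id": "eni-0bbbbbbbbbbbbbbb2"},
         "InboundHeader": {"Protocol": "tcp", "SourceAddresses": ["203.0.113.0/24"],
                           "DestinationPortRanges": [{"From": 443, "To": 443}]}}]},
    {"FindingId": "f-3", "FindingComponents": [
        {"SequenceNumber": 1, "Component": {"Id": "igw-0123456789abcdef0"}},
        {"SequenceNumber": 2, "Component": {"Id": "eni-0aaaaaaaaaaaaaaa1"},
         "InboundHeader": {"Protocol": "tcp", "SourceAddresses": ["198.51.100.0/24"],
                           "DestinationPortRanges": [{"From": 80, "To": 443}]}}]},
]

if __name__ == "__main__":
    # Offline: grade the constructed sample. Replace SAMPLE_FINDINGS with
    # run_analysis(TRUSTED_SOURCES) to grade a real account.
    result = summarize_findings(SAMPLE_FINDINGS, TRUSTED_SOURCES)
    for eni, info in result.items():
        print(eni, "ports:", info["ports"], "untrusted sources:", info["untrusted_sources"])
    print("exposed to untrusted internet sources:", exposed_to_untrusted(result))
```

On the constructed sample, the ENI reachable on tcp/22 from 0.0.0.0/0 and on tcp/80-443 from 198.51.100.0/24 is flagged, while the ENI reachable only from the trusted 203.0.113.0/24 range on tcp/443 is not; that is the "trusted IPs only" check from the bullet list expressed as code rather than as a console screenshot.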
Conclusion
AWS Network Access Analyzer is very useful for learning the available paths to your resources, and which resources can reach the internet and on which ports.